cef/patch/patches/browser_security_policy_108...

diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc
index d548b3d7e0a0a..cb93301271cda 100644
--- content/browser/child_process_security_policy_impl.cc
+++ content/browser/child_process_security_policy_impl.cc
@@ -1719,6 +1719,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(
             // DeclarativeApiTest.PersistRules.
             if (actual_process_lock.matches_scheme(url::kDataScheme))
               return true;
+
+            // Allow other schemes that are non-standard, non-local and WebSafe.
+            if (lock_url.is_valid() &&
+                !lock_url.IsStandard() &&
+                !base::Contains(url::GetLocalSchemes(),
+                                lock_url.scheme_piece()) &&
+                base::Contains(schemes_okay_to_request_in_any_process_,
+                               lock_url.scheme())) {
+              return true;
+            }
           }
 
           // TODO(wjmaclean): We should update the ProcessLock comparison API
diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc
index 751ee13227ae6..d4676b47955f8 100644
--- content/browser/renderer_host/navigation_request.cc
+++ content/browser/renderer_host/navigation_request.cc
@@ -5314,6 +5314,12 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactory() {
 
   // Calculate an approximation of the origin. The sandbox/csp are ignored.
   url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(this);
+  if (!origin.GetURL().IsStandard()) {
+    // Always return an opaque origin for non-standard URLs. Otherwise, the
+    // below CanAccessDataForOrigin() check may fail for unregistered custom
+    // scheme requests in CEF.
+    return origin.DeriveNewOpaqueOrigin();
+  }
 
   // Apply sandbox flags.
   // See https://html.spec.whatwg.org/#sandboxed-origin-browsing-context-flag
Fix load of non-standard custom scheme URI as iframe src (see issue #2929) 2020-05-12 00:12:20 +02:00			`diff --git content/browser/child_process_security_policy_impl.cc content/browser/child_process_security_policy_impl.cc`
Update to Chromium version 92.0.4515.0 (#885287) 2021-06-04 03:34:56 +02:00			`index d548b3d7e0a0a..cb93301271cda 100644`
Fix load of non-standard custom scheme URI as iframe src (see issue #2929) 2020-05-12 00:12:20 +02:00			`--- content/browser/child_process_security_policy_impl.cc`
			`+++ content/browser/child_process_security_policy_impl.cc`
Update to Chromium version 92.0.4515.0 (#885287) 2021-06-04 03:34:56 +02:00			`@@ -1719,6 +1719,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(`
Update to Chromium version 88.0.4324.0 (#827102) - Mac: Xcode 12.2 and the MacOS 11.0 SDK are now required for building. - MacOS 10.10 (Yosemite) is no longer supported (see https://crbug.com/1126056). - Flash is no longer supported (see https://www.chromium.org/flash-roadmap). 2020-12-02 23:31:49 +01:00			`// DeclarativeApiTest.PersistRules.`
			`if (actual_process_lock.matches_scheme(url::kDataScheme))`
			`return true;`
Fix load of non-standard custom scheme URI as iframe src (see issue #2929) 2020-05-12 00:12:20 +02:00			`+`
Update to Chromium version 88.0.4324.0 (#827102) - Mac: Xcode 12.2 and the MacOS 11.0 SDK are now required for building. - MacOS 10.10 (Yosemite) is no longer supported (see https://crbug.com/1126056). - Flash is no longer supported (see https://www.chromium.org/flash-roadmap). 2020-12-02 23:31:49 +01:00			`+ // Allow other schemes that are non-standard, non-local and WebSafe.`
			`+ if (lock_url.is_valid() &&`
			`+ !lock_url.IsStandard() &&`
			`+ !base::Contains(url::GetLocalSchemes(),`
			`+ lock_url.scheme_piece()) &&`
			`+ base::Contains(schemes_okay_to_request_in_any_process_,`
Update to Chromium version 89.0.4389.0 (#843830) - SSE3 is now required on x86 processors (see https://crbug.com/1123353). 2021-01-28 00:13:12 +01:00			`+ lock_url.scheme())) {`
Update to Chromium version 88.0.4324.0 (#827102) - Mac: Xcode 12.2 and the MacOS 11.0 SDK are now required for building. - MacOS 10.10 (Yosemite) is no longer supported (see https://crbug.com/1126056). - Flash is no longer supported (see https://www.chromium.org/flash-roadmap). 2020-12-02 23:31:49 +01:00			`+ return true;`
			`+ }`
			`}`
Fix load of non-standard custom scheme URI as iframe src (see issue #2929) 2020-05-12 00:12:20 +02:00
Update to Chromium version 88.0.4324.0 (#827102) - Mac: Xcode 12.2 and the MacOS 11.0 SDK are now required for building. - MacOS 10.10 (Yosemite) is no longer supported (see https://crbug.com/1126056). - Flash is no longer supported (see https://www.chromium.org/flash-roadmap). 2020-12-02 23:31:49 +01:00			`// TODO(wjmaclean): We should update the ProcessLock comparison API`
Fix crash when navigating to an unregistered scheme (fixes issue #3105) The policy->CanAccessDataForOrigin CHECK in NavigationRequest:: GetOriginForURLLoaderFactory was failing because unregistered schemes (which are already considered non-standard schemes) didn't trigger the registered non-standard scheme allowance that we previously added in ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change modifies GetOriginForURLLoaderFactory to always return an opaque/unique origin for non-standard schemes resulting in unregistered and non-standard schemes receiving the same treatment. New test coverage has been added for this condition, and can be run with: ceftests --gtest_filter=CorsTest.CustomUnregistered 2021-04-12 19:55:48 +02:00			`diff --git content/browser/renderer_host/navigation_request.cc content/browser/renderer_host/navigation_request.cc`
Update to Chromium version 92.0.4515.0 (#885287) 2021-06-04 03:34:56 +02:00			`index 751ee13227ae6..d4676b47955f8 100644`
Fix crash when navigating to an unregistered scheme (fixes issue #3105) The policy->CanAccessDataForOrigin CHECK in NavigationRequest:: GetOriginForURLLoaderFactory was failing because unregistered schemes (which are already considered non-standard schemes) didn't trigger the registered non-standard scheme allowance that we previously added in ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change modifies GetOriginForURLLoaderFactory to always return an opaque/unique origin for non-standard schemes resulting in unregistered and non-standard schemes receiving the same treatment. New test coverage has been added for this condition, and can be run with: ceftests --gtest_filter=CorsTest.CustomUnregistered 2021-04-12 19:55:48 +02:00			`--- content/browser/renderer_host/navigation_request.cc`
			`+++ content/browser/renderer_host/navigation_request.cc`
Update to Chromium version 92.0.4515.0 (#885287) 2021-06-04 03:34:56 +02:00			`@@ -5314,6 +5314,12 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactory() {`
Fix crash when navigating to an unregistered scheme (fixes issue #3105) The policy->CanAccessDataForOrigin CHECK in NavigationRequest:: GetOriginForURLLoaderFactory was failing because unregistered schemes (which are already considered non-standard schemes) didn't trigger the registered non-standard scheme allowance that we previously added in ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change modifies GetOriginForURLLoaderFactory to always return an opaque/unique origin for non-standard schemes resulting in unregistered and non-standard schemes receiving the same treatment. New test coverage has been added for this condition, and can be run with: ceftests --gtest_filter=CorsTest.CustomUnregistered 2021-04-12 19:55:48 +02:00
			`// Calculate an approximation of the origin. The sandbox/csp are ignored.`
			`url::Origin origin = GetOriginForURLLoaderFactoryUnchecked(this);`
			`+ if (!origin.GetURL().IsStandard()) {`
			`+ // Always return an opaque origin for non-standard URLs. Otherwise, the`
			`+ // below CanAccessDataForOrigin() check may fail for unregistered custom`
			`+ // scheme requests in CEF.`
			`+ return origin.DeriveNewOpaqueOrigin();`
			`+ }`

			`// Apply sandbox flags.`
			`// See https://html.spec.whatwg.org/#sandboxed-origin-browsing-context-flag`